summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMoisés Guimarães de Medeiros <moguimar@redhat.com>2020-07-24 17:35:09 +0200
committerMoisés Guimarães de Medeiros <moguimar@redhat.com>2020-07-25 11:51:52 +0200
commitc9f7cd460c2eabf1f78bb34b78c2b28186ece768 (patch)
tree519168e05ecc7f86547ae77f897c40160e0cd10e
parent6296fce9f8e3205506f87dd31d0b18f4b7842000 (diff)
downloadoslo-policy-c9f7cd460c2eabf1f78bb34b78c2b28186ece768.tar.gz
Bump bandit version
This patch bumps bandit allowed version to >=1.6.0,<1.7.0 in order to avoid the errors detailed here https://github.com/PyCQA/bandit/pull/393 Change-Id: I0570c916cffc08bcbaebb385a9cc4a4c7038b215 Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
-rw-r--r--oslo_policy/policy.py10
-rw-r--r--test-requirements.txt2
2 files changed, 8 insertions, 4 deletions
diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py
index 83e4c0c..2b19a66 100644
--- a/oslo_policy/policy.py
+++ b/oslo_policy/policy.py
@@ -956,16 +956,20 @@ class Enforcer(object):
# If the rule doesn't exist, fail closed
result = False
else:
+ # NOTE(moguimar): suppressing [B105:hardcoded_password_string]
+ # as token_scope is not actually a hardcoded
+ # token.
+
# Check the scope of the operation against the possible scope
# attributes provided in `creds`.
if creds.get('system'):
- token_scope = 'system'
+ token_scope = 'system' # nosec
elif creds.get('domain_id'):
- token_scope = 'domain'
+ token_scope = 'domain' # nosec
else:
# If the token isn't system-scoped or domain-scoped then
# we're dealing with a project-scoped token.
- token_scope = 'project'
+ token_scope = 'project' # nosec
registered_rule = self.registered_rules.get(rule)
if registered_rule and registered_rule.scope_types:
diff --git a/test-requirements.txt b/test-requirements.txt
index 29e6739..3c503c3 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -11,4 +11,4 @@ oslo.context>=2.22.0 # Apache-2.0
coverage!=4.4,>=4.0 # Apache-2.0
# Bandit security code scanner
-bandit>=1.1.0,<1.6.0 # Apache-2.0
+bandit>=1.6.0,<1.7.0 # Apache-2.0